WP Security: 6 plugin vulnerabilities in February 2019

WP Security bulletin – February 2019

At your next scheduled WordPress maintenance, take note for your WP Security of the latest 6 vulnerabilities in WordPress plugins that have been identified and publicly reported. Because these vulnerabilities are now disclosed, running one (or more) of these outdated plugins means you're risking a serious breach of your WordPress site(s).


  • NextGen Gallery
    • Authenticated PHP Object Injection reported by Slavco (@mslavco). Legacy serialization handling allows input from low-privileged users to be passed to unserialize, leading to remote code execution (RCE).
      • WP Security recommendation: immediately upgrade to version 3.1.7 to fix the vulnerability.

  • Parallax Scroll
    • Cross-Site Scripting (XSS) reported by Adam Robinson. In the Parallax Scroll (aka adamrob-parallax-scroll) plugin before 2.0 for WordPress, includes/adamrob-parralax-shortcode.php allows XSS via the title text. (“parallax” has a spelling change within the PHP filename.)
      • WP Security recommendation: immediately upgrade to version 2.1 to fix the vulnerability.

  • Simple Social Buttons
    • Bypass reported by Luka Šikić (WebARX). An improper application design flow, chained with a missing permission check, resulted in privilege escalation and unauthorized actions in the WordPress installation, allowing non-admin users, even those with the subscriber role, to modify WordPress installation options in the wp_options table.
      • WP Security recommendation: immediately upgrade to version 2.0.22 to fix the vulnerability.
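
To check a site against the three recommendations above, the following added example (not part of the original bulletin) audits the JSON printed by `wp plugin list --format=json` against the fixed versions listed here. The slugs `nextgen-gallery` and `simple-social-buttons` are assumed wordpress.org slugs, and the sample inventory is constructed.

```python
import json
import re

# Fixed versions as recommended in the bulletin above.
# Assumption: slugs other than adamrob-parallax-scroll are not given on the page.
FIXED = {
    "nextgen-gallery": "3.1.7",
    "adamrob-parallax-scroll": "2.1",
    "simple-social-buttons": "2.0.22",
}

# Constructed sample of `wp plugin list --format=json` output.
SAMPLE = json.dumps([
    {"name": "nextgen-gallery", "status": "active", "version": "3.1.6"},
    {"name": "adamrob-parallax-scroll", "status": "inactive", "version": "2.1.0"},
    {"name": "simple-social-buttons", "status": "active", "version": "2.0.3"},
    {"name": "akismet", "status": "active", "version": "4.1.1"},
])


def version_key(version):
    """Turn '2.0.22' into (2, 0, 22) so versions compare numerically.

    A plain string comparison would rank '2.0.3' above '2.0.22'.
    """
    parts = [int(p) for p in re.findall(r"\d+", version)]
    while parts and parts[-1] == 0:  # treat 2.1 and 2.1.0 as equal
        parts.pop()
    return tuple(parts)


def audit(wp_cli_json):
    """Return (slug, installed, fixed, status) for each plugin below its fixed version."""
    findings = []
    for plugin in json.loads(wp_cli_json):
        slug = plugin.get("name")
        fixed = FIXED.get(slug)
        if fixed is None:
            continue  # plugin is not covered by this bulletin
        installed = plugin.get("version") or ""
        # An unreadable version is reported rather than assumed safe.
        if not installed or version_key(installed) < version_key(fixed):
            findings.append((slug, installed, fixed, plugin.get("status")))
    return findings


if __name__ == "__main__":
    for slug, installed, fixed, status in audit(SAMPLE):
        print(f"{slug}: installed {installed or 'unknown'}, needs {fixed} ({status})")
```

Inactive plugins are reported as well, since their files remain on disk until the plugin is updated or deleted.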

 


Get Healthy, Stay Healthy: A healthier online business starts today and it begins with you!

The following WordPress plugin vulnerabilities are extremely dangerous because the active installations are in the millions OR the reported vulnerabilities were never patched. The potential risk goes up each day as more and more people with bad intentions find out about these vulnerabilities. WP Security compromised by plugins from Automattic, WPMU DEV and Codecanyon.

 

Protect your WordPress: BEFORE IT’S TOO LATE! You will also protect your customers, your reputation and your online business!

Do you have any concerns with WP Security? Leave your thoughts in the comments below!
Publisher: owl power EUROPE
